Software pin entry

ABSTRACT

A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a non-provisional of and claims priority to U.S.Provisional Patent Application No. 61/658,828, filed on Jun. 12, 2012,the entire contents of which are hereby incorporated by reference.

TECHNICAL FIELD

This disclosure relates to mobile card processing using mobile devices.

BACKGROUND

In a conventional point-of-sale electronic credit card transaction witha smart card (also called a “chip card” or “integrated circuit card”), acardholder's identity is confirmed by requiring the entry of a PersonalIdentification Number (PIN) rather than or in addition to signing apaper receipt. A user provides a card at the point-of-sale to amerchant. The card contains an embedded microchip which stores the PIN.The merchant processes the card using a card reader, e.g., the card isinserted into the reader to engage electrical contacts for themicrochip. The card reader verifies the card as authentic and waits forthe user to enter the PIN. The user can enter the PIN on a PIN a keypadterminal of the reader, i.e., the keypad and the reader are a singlephysically integrated device. After the user enters the PIN, themicrochip notifies the card reader as to whether the entered PIN iscorrect or incorrect.

The card transaction is further authorized and captured. In theauthorization stage, if the entered PIN is correct, a payment request issent electronically from the card reader to a credit card processor. Thecredit card processor routes the payment request to a card network,e.g., Visa or Mastercard, which in turn routes the payment request tothe card issuer, e.g., a bank. Assuming the card issuer approves thetransaction, the approval is then routed back to the merchant. In thecapture stage, the approved transaction is again routed from themerchant to the credit card processor, card network and card issuer, andthe payment request can include a cardholder's signature, ifappropriate. The capture state can trigger the financial transactionbetween the card issuer and the merchant, and optionally creates areceipt. There can also be other entities, e.g., the card acquirer, inthe route of the transaction. Debit card transactions have a differentrouting, but also require insertion of the smart card into a reader.

Mobile card readers are available for magnetic stripe cards. Some mobilecard readers use WiFi technology to communicate with the credit cardprocessor via a wireless network access point. Some mobile card readers,e.g., in taxies, use cellular technology to communicate wirelessly withthe credit card processor.

SUMMARY

Existing chip card readers are generally bulky and expensive. However, acard reader configured to read a smart card can be detachably connectedto a mobile computing device, e.g., a smart phone, tablet computer, orthe like. The PIN can be entered on a touch display of the mobilecomputing device. This permits the mobile device to be a common consumerdevice, e.g., an iPhone or iPad. When the card reader is attached to themobile device, e.g., plugged into the audio port, an applicationinstalled on the mobile computing device permits the mobile device tocommunicate with the card reader in order to process transactions.

Security measures can be used on the mobile device to prevent theft of aPIN during software PIN entry of a payment transaction. Malware or otherunauthorized software can take screenshots of a display of the mobiledevice or detect locations of user input during PIN entry. When a userinputs a PIN on the mobile device on a keypad interface, the mobiledevice provides user feedback, e.g., the mobile device highlights, onthe keypad interface, a background of a cell that the user interfacedwith. The mobile device can prevent the keypad or other input interface,e.g., a keyboard, from displaying feedback. The mobile device can alsoprevent passcodes from being stolen by displaying media encoded withdigital rights management (DRM) and by managing the media and userinputs at a secure server.

A mobile device can securely communicate with a card reader for apayment transaction using asymmetric or symmetric encryption. The mobiledevice verifies a card reader's identity using a certificate installedin the card reader.

In one aspect, a method for processing payment transactions between acard, a card reader and a mobile device includes receiving batchedinformation from the mobile device, where the batched informationincludes information required for a transaction, where the transactionrequires a plurality of authentication codes before the transaction isapproved or denied; receiving, from the card, distinct requests forinformation from the batched information; and providing, to the card,the information based on the respective request, where the cardgenerates the plurality of authentication codes based on theinformation.

Implementation may include one or more of the following. The batchedinformation includes transaction details and an application selection,where the transaction details include one or more of the following:transaction amount, currency type, date, nonce, or verification results.The batched information includes a passcode from a user. The batchedinformation is sent when the card is inserted into the card reader. Thebatched information is sent before the card is inserted into the cardreader. Receiving the plurality of authentication codes from the card;transmitting the plurality of authentication codes to the mobile device,which sends the plurality of authentication codes to an issuing bankassociated with the card; receiving a response from the issuing bank,where the response authorizes the plurality of authentication codes; andsending the response to the card.

In another aspect, a method for providing security during passcode entryon a mobile device includes displaying an interface for receiving apasscode, where the interface includes one or more objects; receivinguser input on a display of the mobile device; not displaying feedbackbased on the user input, where the mobile device does not displayfeedback in one or more of the one or more objects; determining thepasscode based on the user input; and submitting the passcode forauthentication.

Implementation may include one or more of the following. Submitting thepasscode to a card reader. The feedback takes form through one or moreof the following: visual, audio, or tactile. The one or more objectsinclude a keypad and a passcode field, and where the mobile devicedisplays, on the passcode field, a symbol for each user entry from theuser, and where the mobile device does not display, on the keypad,feedback based on the user input. The one or more objects include akeypad and a passcode field, and where the mobile device does notdisplay feedback in the keypad or the passcode field. The feedback isnot displayed in any of the one or more objects. The feedback isdisplayed in some of the one or more objects. Disabling an ability ofthe one or more objects to change visual state. The determining is basedon locations of the user input on the display.

In another aspect, a method for providing security during passcode entryon a mobile device includes receiving, from a server, a media file,where content of the media file includes an interface for receiving apasscode, where the media file is encoded by digital rights management,and where locations of input values of the interface are randomlygenerated; displaying the media file; receiving user input on a displayof the mobile device; determining locations of the user input on thedisplay; sending the locations to the server; receiving a passcode fromthe server, where the passcode is based on the locations; and submittingthe passcode for authentication.

Implementation may include one or more of the following. Displaying themedia file prevents the mobile device from taking screenshots. The mediafile is an image or a movie. Submitting comprises: submitting thepasscode to a card reader. The displaying further comprises: decodingthe media file at a module for digital rights management; and displayingthe decoded file. The input values of the interface include numbers 0-9.

In another aspect, a method for providing security during passcode entryon a mobile device includes generating a media file, where the mediafile is encoded with digital rights management, where content of themedia file includes an interface for receiving a passcode, wherelocations of input values of the interface are randomly generated;sending the media file to the mobile device; receiving, from the mobiledevice, locations of user input on a display of the mobile device;determining a user inputted passcode based on the locations of the userinput on the display and the locations of input values of the interface;and sending the user inputted passcode to the mobile device.

Implementation may include one or more of the following. The userinputted passcode is encrypted prior to sending the user inputtedpasscode. The media file is an image or a movie.

In another aspect, a method for securely communicating between a cardreader and a mobile device includes receiving a unique identificationcode of the card reader; sending the unique identification code to aserver; receiving a cryptographic key from the server, where thecryptographic key is associated with the unique identification code; andencrypting data using the cryptographic key; sending the data to thecard reader; receiving encrypted data from the card reader; decryptingthe encrypted data using the cryptographic key; processing theunencrypted data; and continuing secure communication between the cardreader and the mobile device, wherein continuing secure communicationincludes encrypting and decrypting using the cryptographic key.

Implementation may include one or more of the following. The uniqueidentification code is thirty two bits or sixty four bits in length.Prior to receiving the unique identification code, a card is swiped atthe card reader. The data includes a passcode associated with the card.The encrypted data is an acknowledgment that the passcode is verified.The processing comprises: submitting a payment transaction to a paymentprocessing system. Prior to the encrypting, further comprising:receiving a certificate from the card reader; sending the certificate tothe server, where the server verifies a signature of the certificate;and receiving a verification of the certificate from the server. Priorto sending the unique identification code to the server, encrypting theunique identification code using a public key from the server; and whereprior to decrypting the encrypted data using the cryptographic key,decrypting the encrypted data using a private key of the mobile device.The unique identification code and encrypted data are received from anaudio jack of the mobile device, and where the data is sent through theaudio jack. The unique identification code and encrypted data arereceived wirelessly from the mobile device, and where the data is sentwirelessly.

In another aspect, a method for securely communicating between a cardreader and a mobile device includes sending a unique identification codeto the mobile device; receiving encrypted data from the mobile device;decrypting the encrypted data using a cryptographic key; encrypting aresponse using the cryptographic key; sending the response to the mobiledevice; and continuing secure communication between the card reader andthe mobile device, wherein continuing secure communication includesencrypting and decrypting transmissions using the cryptographic key.

Implementation may include one or more of the following. The uniqueidentification code is 32 bits or 64 bits in length. Prior to sendingthe unique identification code, a card is swiped at the card reader. Theencrypted data includes a passcode associated with the card. Theresponse is an acknowledgment that the passcode is verified. Sending acertificate to the mobile device. The cryptographic key is embedded inthe card reader during manufacturing of the card reader. The uniqueidentification code and the response are sent from an audio jack of themobile device, and where the encrypted data is received through theaudio jack. The unique identification code and the response are sentwirelessly from the mobile device, and where the encrypted data isreceived wirelessly

In another aspect, a method for securely communicating between a cardreader and a mobile device includes receiving a unique identificationcode of the card reader; generating first data to be processed by thecard reader, where the first data is encrypted using a firstcryptographic key; sending the unique identification code and theencrypted data to a server, where the server conducts operations thatfurther comprise: decrypting the encrypted first data using the firstcryptographic key; obtaining a second cryptographic key based on theunique identification code, where the second cryptographic key isassociated with the card reader; generating a response based on thefirst data, where the response is encrypted using the secondcryptographic key; and sending the encrypted response to the mobiledevice; receiving the encrypted response from the server; and sendingthe encrypted response to the card reader.

Implementation may include one or more of the following. The uniqueidentification code is thirty two bits or sixty four bits in length.Prior to receiving the unique identification code, a card is swiped atthe card reader. The data includes a passcode associated with the card.The encrypted data is an acknowledgment that the passcode is verified.Prior to sending the unique identification code and the encrypted datato the server, further comprising: receiving a certificate from the cardreader; sending the certificate to the server, where the server verifiesa signature of the certificate; and receiving a verification of thecertificate from the server. Receiving second data from the card reader,where the second data is encrypted; sending the unique identificationand the second data to the server, where the server conducts operationsthat further comprise: obtaining the second cryptographic key based onthe unique identification code, where the second cryptographic key isassociated with the card reader; decrypting the encrypted second datausing the second cryptographic key; generating a response based on thesecond data, where the response is encrypted using the firstcryptographic key; and sending the encrypted response to the mobiledevice; receiving the encrypted response from the server; decrypting theencrypted response using the first cryptographic key; and processing theresponse. The processing comprises: submitting a payment transaction toa payment processing system. The unique identification code is receivedfrom an audio jack of the mobile device, and where the encryptedresponse is sent through the audio jack. The unique identification codeis received wirelessly from the mobile device, and where the encryptedresponse is sent wirelessly.

In another aspect, a method for securely communicating between a cardreader and a mobile device, comprising: sending a unique identificationcode to the mobile device; receiving encrypted data from the mobiledevice; decrypting the encrypted data using a cryptographic key;encrypting a response using the cryptographic key; and sending theresponse to the mobile device.

Implementation may include one or more of the following. The uniqueidentification code is 32 bits or 64 bits in length. Prior to sendingthe unique identification code, a card is swiped at the card reader. Theencrypted data includes a passcode associated with the card. Theresponse is an acknowledgment that the passcode is verified. The uniqueidentification code and the response are sent from an audio jack of themobile device, and where the encrypted data is received through theaudio jack. The unique identification code and the response are sentwirelessly, and where the encrypted data is received wirelessly.

In another aspect, a method for securely communicating between a cardreader and a mobile device includes receiving a cryptographic key of thecard reader; encrypting data using the cryptographic key; sending thedata to the card reader; receiving encrypted data from the card reader;decrypting the encrypted data using the cryptographic key; andprocessing the unencrypted data.

Implementation may include one or more of the following. Prior toreceiving the cryptographic key, a card is swiped at the card reader.The data includes a passcode associated with the card. The encrypteddata is an acknowledgment that the passcode is verified. The processingcomprises: submitting a payment transaction to a payment processingsystem. Prior to the encrypting, further comprising: receiving acertificate from the card reader; sending the certificate to the server,where the server verifies a signature of the certificate; and receivinga verification of the certificate from the server. The cryptographic keyand the encrypted data are received from an audio jack of the mobiledevice, and where the data is sent through the audio jack. Thecryptographic key and the encrypted data are received wirelessly, andwhere the data is sent wirelessly.

In another aspect, a method for securely communicating between a cardreader and a mobile device includes sending a cryptographic key to themobile device; receiving encrypted data from the mobile device;decrypting the encrypted data using the cryptographic key; encrypting aresponse using the cryptographic key; and sending the response to themobile device.

Implementation may include one or more of the following. Prior tosending the unique identification code, a card is swiped at the cardreader. The encrypted data includes a passcode associated with the card.The response is an acknowledgment that the passcode is verified. Thecryptographic key and the response are sent from an audio jack of themobile device, and where the encrypted data is received through theaudio jack. The cryptographic key and the response are sent wirelesslyfrom the mobile device, and where the encrypted data is receivedwirelessly.

In another aspect, a method for processing payment transactions betweena card, a card reader and a mobile device includes receiving a cardinsertion at the card reader; sending a notification of the cardinsertion to the mobile device; receiving a passcode from the mobiledevice, where the mobile device receives the passcode based on userinput on a display of the mobile device, and where the passcode isassociated with the card; sending the passcode to the card, where thecard determines the passcode matches an embedded passcode in the card;sending an approval for a transaction to the mobile device.

Implementation may include one or more of the following. Thenotification and the approval are sent over an audio jack of the mobiledevice, and where the passcode is received over the audio jack. Thenotification and the approval are sent wirelessly from the mobiledevice, and where the passcode is received wirelessly. The passcode isencrypted, and where prior to sending the passcode to the card,decrypting the encrypted password using a cryptographic key. Theapproval is encrypted using a cryptographic key.

Advantages may include one or more of the following. A card reader cancommunicate bi-directionally with a mobile device through an audio jack.This enables processing of a transaction that requires multiple roundtrips, e.g., a payment transaction that requires PIN verification. Thecard reader can batch requests to the phone, and vice-versa, to savepower. The mobile device can prevent theft of sensitive information,e.g., passcode information, during passcode entry by limiting feedbackto the user and using DRM-encoded files. The mobile device can alsoensure the card reader is a verified device and securely communicatewith the verified card reader to prevent fraud or theft.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic illustration of an example system for conducting atransaction using PIN entry.

FIG. 2 is a diagram of an example method for conducting a transactionusing PIN entry by batching commands from a mobile device to a cardreader.

FIG. 3 is a schematic illustration of an example system for providingsecurity during PIN entry by limiting user feedback on the display ofthe mobile device.

FIG. 4 is an example generated user interface on a mobile device.

FIG. 5 is an example flow chart of a method for providing securityduring passcode entry by limiting user feedback on the display of themobile device.

FIG. 6 is a schematic illustration of an example system for providingsecurity during PIN entry by receiving a PIN on a randomized PIN entryinterface while displaying a file encoded with digital rights management(DRM).

FIG. 7 is a diagram of an example method for providing security duringPIN entry by receiving a PIN from a secure server.

FIG. 8 is an example generated user interface on a mobile device.

FIG. 9 is a schematic illustration of an example system for securelycommunicating between a card reader and a mobile device.

FIG. 10 is a diagram of an example method of establishing securecommunications between a card reader and a mobile device usingasymmetric encryption.

FIG. 11 is a diagram of an example method 1100 of establishing securecommunications between a card reader and a mobile device using symmetricencryption.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

FIG. 1 is a schematic illustration of an example system 100 forconducting a transaction using PIN entry. In some implementations, thesystem 100 is capable of processing a payment transaction between amobile computing device 102 and a card reader 110. The mobile computingdevice 102 can be a smart phone, tablet computer or laptop, or otherdata processing apparatus. The card reader 110 can be detachablyconnected to the mobile computing device 102. The card reader 110 is adevice that reads data from a card-shaped storage medium. In otherwords, the card reader 110 does not have a display or a keyboard, butthe card reader 110 has an interface for inserting or swiping a card.For example, the system 100 can process the card according to theEuropay, Mastercard, Visa (EMV) protocol.

As a general overview, a card can be inserted into the card reader 110so that the reader engages electrical contacts for the microchip on thecard. The card reader 110 sends a PIN request to the mobile device 102.In some implementations, the card reader 110 is attached to an audiojack or headset jack of the mobile device 102. In alternativeimplementations, the card reader 110 communicates with the mobile device102 wirelessly, e.g., using Bluetooth technology or a WiFi hotspot. Themobile device 102 receives a PIN from the user, e.g., entered through auser interface of the mobile device 102, e.g., a touch-screen display,and sends the PIN to the card reader 110 for confirmation, e.g., overthe audio jack of the mobile device 102. The card reader 110 can read,on the card, a chip that contains an embedded PIN. The card reader 110compares the entered PIN to the embedded PIN. If the PINs match, thecard reader 110 sends a confirmation to the mobile device 102, e.g.,over the audio jack. The mobile device 102 can transmit an authorizationfor transaction to a secure server 114 for payment processing using anexternal network, e.g., the Internet 112. The secure server 114 canrelay the transaction to the card issuer 116, which ultimately approvesor denies the transaction. The card issuer 116 can communicate theapproval or denial to the secure server 114, which can relay the cardissuer's response to the mobile device 102. More transaction detailswill be discussed below in reference to FIG. 2.

The mobile device 102 includes a display 104 and a user interfacecontroller 106. The user interface controller 106 can generate a userinterface for PIN entry. The user interface can be a keypad interface ora keyboard interface. The mobile device 102 can display the generatedinterface on the display 104. For example, the generated interface canbe a keypad interface with numbers 0-9. This is described further belowin reference to FIG. 4.

FIG. 2 is a diagram of an example method (step 200) for conducting atransaction using PIN entry by batching commands from a mobile device toa card reader. Conducting a transaction using PIN entry requires threephases: 1) card authentication (step 204), 2) cardholder verification(step 206), and 3) transaction authorization (step 208). These threephases involve communication between a card, a card reader, a mobiledevice, and an issuing bank. The card chip can communicate with the cardreader over electrical contacts in the card reader. The card reader cancommunicate with the mobile device over an audio jack of the mobiledevice or over a wireless connection. The mobile device can directlycommunicate with the issuing bank using an Internet, e.g., WiFi, or3G/4G data connection. In some implementations, the mobile devicecommunicates with a secure server, which in turn communicates with theissuer. The mobile device can use the secure server to store informationrelated to the transaction, e.g., a transaction receipt.

Generally, the card authentication phase (step 204) commences when acard is inserted into the card reader. The card reader requests a listof supported applications (in this context the “applications” refer totypes of financial transactions, e.g., credit, debit, or ATM) from thecard chip. For example, this list of supported applications can bestored in the file 1PAY.SYS.DDF01, which is selected by the card reader.The card chip sends the list, e.g., the file contents, to the cardreader. The card reader receives input selecting a type of application,and sends a message to the card chip selecting the application andstarting the transaction. In some implementations, the card readerselects the supported application from the list. The message startingthe transaction can serve as a “read record” command to read cardholderrecords from the card chip. These records can include card details,e.g., primary account number, start and expiry date, backwardscompatibility data, e.g., a copy of a magnetic strip, and controlparameters, e.g., a type of authentication method to be used, forexample, signature, PIN, or none. In some implementations, the recordsinclude a digital signature, which can be later verified by an issuingbank.

In the cardholder verification phase (step 206), the card can prompt thecard reader for a PIN. The card reader then prompts the mobile devicefor a PIN. After the mobile device receives a PIN from the user, themobile device sends the PIN to the card reader. The card reader sendsthe PIN to the card, and if the PIN matches an embedded PIN on the card,the card returns a success or a failure. In some implementations, thecard maintains a retry counter to limit the number of failed PINentries. That is, the card can reject a PIN for processing if too manyPINs have been entered.

In the transaction authorization phase (step 208), the card readerrequests the card to generate an authorization request cryptogram(ARQC). The request can include or be followed by the transactiondetails. The transaction details can include transaction amount,currency type, date, terminal verification results (TVR), and/or a noncegenerated by the card reader. In response, the card chip generates theARQC, which includes a cryptographic message authentication code (MAC).The MAC can be generated based on the transaction details. The ARQC canalso include an application transaction counter (ATC), which is asequence counter identifying the transaction, issuer application data(IAD), which is a variable length field containing data generated by thecard. In some implementations, the MAC is generated using a symmetrickey shared between the card and the issuing bank.

If the card permits the transaction, the card sends the ARQC to the cardreader, which sends the ARQC to the mobile device. The mobile devicethen sends the ARQC to the issuing bank. The issuing bank can performvarious cryptographic, anti-fraud, and financial checks on the ARQC. Ifthe checks are satisfied, the issuing bank sends an authorizationresponse code (ARC) that indicates a transaction approval or denial andan authorization response cryptogram (ARPC). In some implementations,the ARPC is a MAC resulting from an XOR operation between the ARQC andthe ARC. The card reader sends both the ARPC and the ARC to the card.

The card validates the MAC contained within the ARPC. If the validationis successful, the card can update its internal state to note that theissuing bank has authorized the transaction. The card can send atransaction certificate cryptogram (TC) to the card reader. The TCindicates that the card is authorizing the transaction to proceed. Afterreceiving the TC, the card reader sends the TC to the mobile device,which sends the TC to the issuer. The card reader, the mobile phone, or,if applicable, the secure server can store a copy of the TC in case of adispute.

The method (step 200) can minimize information, e.g., data, transferredbetween the mobile device and the card reader during the three phases tosave battery on both devices. This can be accomplished by batchinginformation exchanged between the card reader and the mobile device. Inparticular, the information needed by the card chip can be batched whendelivered from the mobile device to the card reader (step 202). Thus,instead of requesting information from the mobile device in a piecemealfashion, e.g., when the card chip requires data, the mobile device canbe configured to send batched information to the card reader and thecard reader can be configured to process batched information sent fromthe mobile device.

The mobile device can generate batched information and send the batchedinformation before or during the first phase, that is, the cardauthentication phase (step 204). In some implementations, once the cardis inserted into the card reader, the card reader notifies the mobiledevice. Upon receiving the notification, the mobile device sends thebatched information to the card reader. In alternative implementations,the mobile device sends the batched information before the card isinserted into the card reader.

The batched information sent from the mobile device to the card readercan include the application type, e.g., credit, debit, or ATM, andtransaction details, e.g., the amount, currency, date, identity ofpayee, or a nonce. The mobile device can obtain or, if applicable,generate this information once transaction details have been finalized.In some implementations, this information is obtained from preferenceswithin an application of the mobile device. In some implementations, thebatched information includes a PIN inputted from a user. For example,the mobile device can prompt a user for a PIN before the card or thecard reader requests the PIN. Once the mobile device receives the PINfrom the user, the mobile device can generate the batched information toinclude the PIN and then send the batched information to the cardreader.

The card reader can store the batched information from the mobile deviceand provide information when the card requires it. For example, duringcard authentication (step 204), the card requests an applicationselection from the terminal. Because the card reader already has aselected application in mind, e.g., the selection was in the batchedinformation, the card reader can send the selected application to thecard without having to query the mobile device at that time. Similarly,during transaction authorization (step 208), the card reader can providetransaction details to the card chip that were previously included inthe batch information. With batched information, the card reader doesnot need to communicate with the mobile device. Also, if the PIN isalready in the batched information, during cardholder verification (step206), the card reader sends the PIN to the card without prompting theuser for PIN entry. In addition, the records that were provided to thecard reader can be provided to the mobile device in the transactionauthorization step, e.g., as part of batched information that includesthe ARQC.

In some implementations, some parts of the batched information arerejected as invalid from the card. For example, a PIN in the batchedinformation can be incorrect. In this case, the card reader communicatesthe rejection to the mobile device, and the mobile device providesupdated information to be processed by the card, e.g., the mobile deviceprompts the user again for another PIN and sends the PIN to the cardreader. For example, a PIN in the batched information can be incorrect.As another example, the desired application in the batched informationfrom the mobile device to the card reader may not be a supportedapplication in the list provided by the card chip to the card reader. Inthis case, the card reader communicates the list of supportedapplications to the mobile device, and the mobile device provides anupdated selection of the application or requests cancellation of thetransaction, either based on a default or from user input.

FIG. 3 is a schematic illustration of an example system 300 forproviding security during PIN entry by limiting user feedback on thedisplay of the mobile device. As described above in reference to FIG. 1,the mobile device 102 includes a display 104 and a user interfacecontroller 106, and the mobile device 102 communicates with a cardreader 110.

In addition, the user interface controller 106 can include a feedbackcontroller 308. The user can interact with the generated interface ofthe user interface controller 106, e.g., a user can tap or drag a fingeron the display. The feedback controller 308 processes the user feedbackentered through the display. The feedback controller 308 detects userinput and sends one or more events, e.g., user taps, to the userinterface controller 106. The user interface controller 106 processesthe one or more events, e.g., stores the value entered by the user, anddetermines whether to provide user feedback.

In a conventional keyboard or number pad user interface on the displayof a mobile device, the user interface controller 106 can provide visualfeedback on the display 104. For example, if a user taps a ‘5’ on thekeypad interface, the feedback controller 308 can detect and send thetap to the user interface controller 106. The mobile device 102 can thenhighlight the cell ‘5’ on the keypad interface to provide feedback tothe user that the ‘5’ was tapped. FIG. 4 is an example generated userinterface 400 on a mobile device. The user interface displays a keypad404 and a passcode field 402. The keypad 404 shows a cell of value ‘5’being highlighted, e.g., because a user has tapped the ‘5’. Once the ‘5’has been selected, a ‘*’ can be displayed on the passcode field 402.

Malware on the mobile device 102 can cause the mobile device 102 to takescreenshots of the display 104. For example, malware can trigger themobile device 102 to take a screenshot upon receiving an event at thefeedback controller 308. Other triggers are possible, e.g., malwarecauses the mobile device to take screenshots randomly or continuouslyfor a time interval. For example, if malware causes a screenshot to betaken during PIN entry of a user, and if a cell is highlighted based onthe user input, the screenshot will show the keypad interface with ahighlighted cell and the malware can deduce a value in the PIN.

In some implementations, the user interface controller 106 processes theuser input, e.g., stores the entered value, but does not display userfeedback, e.g., when a user taps ‘5’, the cell ‘5’ is not highlighted onthe display. Because the mobile device 102 does not display ahighlighted cell on user input, the malware will take a screenshot thatwill not have a cell highlighted. Consequently, the malware be unable todeduce the PIN value from the screenshot and no sensitive informationwill be lost or stolen. In some implementations, a ‘*’ is displayed forevery individual user input while none of the cells are highlighted.

Therefore, even if malware takes a screenshot during PIN entry, thescreenshot can show the length of the PIN, but the screenshot will notcompromise which value is entered. For example, the passcode field 402displays three ‘*’, indicating three values have been selected. In someother implementations, a ‘*’ is not displayed and a cell is nothighlighted upon user input, thereby not compromising any informationabout the passcode in the event of a screenshot.

In some implementations, feedback to the user that a key has beenpressed can provided in audio form, e.g., through external speakers, ortactile form, e.g., through vibrators in the mobile device.

FIG. 5 is an example flow chart of a method 500 for providing securityduring passcode entry by limiting user feedback on the display of themobile device. For convenience, the method 500 will be described withrespect to a system, e.g., the system described in reference to FIG. 4.The system displays an interface for receiving a passcode (step 502).The system receives user input on a display (step 504), but the systemdoes not display feedback to the user based on user input (step 506). Insome implementations, if the interface is a keypad interface, and a usertaps a cell, the cell is not highlighted. Based on the user input, thesystem determines the passcode, e.g., one or more PIN values (step 508).For example, the system can convert one or more user taps intorespective coordinates on the display. Based on the tap coordinates andcoordinates of a keypad interface, the system determines values of thepasscode that is entered by the user. In some implementations, thesystem submits the passcode to the card reader (step 510), whichauthenticates the entered passcode by passing the passcode to the chipon the card and receiving verification from the chip that the passcodematches the embedded PIN values on the card.

FIG. 6 is a schematic illustration of an example system 600 forproviding security during PIN entry by receiving a PIN on a randomizedPIN entry interface while displaying a file encoded with digital rightsmanagement (DRM). The file can be a media file, e.g., an image or video.In some implementations, a mobile device 102 receives the file from asecure server 114 over an external network, e.g., the Internet 112, aswill be described below in reference to FIG. 7. As described above inreference to FIG. 1, the mobile device 102 includes a display 104 and auser interface controller 106, and the mobile device 102 communicateswith a card reader 110.

To play a file encoded with DRM, the file is decoded by a DRM module,e.g., either installed in software or in hardware at a DRM controller608. The DRM module can prevent the mobile device 102 from takingscreenshots while the DRM-encoded file is being displayed. The mobiledevice 102 can detect user input while the file is playing using a userinterface controller 106, e.g., similar to the feedback controller inreference to FIG. 3.

FIG. 7 is a diagram of an example method 700 for providing securityduring PIN entry by receiving a PIN from a secure server. The secureserver generates an interface for receiving a passcode and converts theinterface into a media file (step 702). The media file can be encoded byDRM. Because the secure server generates the interface, the secureserver can determine locations of input values in the interface. Forexample, the secure server can include a mapping of input values in theinterface, e.g., a ‘1’ button, to coordinates on the interface. Anexample of a randomly generated interface is described further below inreference to FIG. 8. The secure server stores the interface, e.g., in adatabase. The secure server sends the media file to the mobile device(step 704).

The mobile device displays the DRM-encoded media file (step 706). Asmentioned above, content of the media file includes an interface forreceiving a passcode, e.g., a PIN. If the file is a DRM-encoded video ofa PIN entry interface, e.g., a video version of the interface shown inreference to FIG. 8, the mobile device displays the file using the DRMcontroller (step 706). While the media file is being displayed, thesystem can receive user input on the display (step 708), e.g., a userinterface controller processes the input. The mobile device determineslocations of user inputs, e.g., user taps, as described above inreference to FIG. 1. Locations of user inputs can be represented as anx-coordinate and y-coordinate. The mobile device sends the locations ofuser inputs to the secure server (step 710). The x-coordinate andy-coordinate of the user inputs can be encrypted before being sent tothe secure server.

The secure server determines a passcode from the locations of userinputs (step 712). The secure server obtains the stored interfacecorresponding to the media file that was originally sent to the mobiledevice. The secure server determines the passcode by comparing thelocations of user inputs with locations of input values on the storedinterface. Because the user input is not converted into actual values atthe mobile device, and because although the mobile device displays themedia file but does not store any correspondence between the locationsof the user inputs and the associated values, e.g., the correspondenceis stored only on the secure server, an intruder will be unable toobtain the passcode even if the intruder can, e.g., through malware onthe mobile device, detect locations of user inputs on the display. Afterdetermining the passcode, the secure server sends the passcode to themobile device (step 714), which sends the passcode to a card reader forprocessing (step 716). The passcode can be encrypted before transmissionfrom the secure server.

FIG. 8 is an example generated user interface 800 on a mobile device.The user interface displays a keypad 804 and a passcode field 802. Atypical keypad can display input values 1, 2, 3, 4, 5, 6, 7, 8, 9, and 0in ascending order from left to right and top to bottom. Here, locationsof input values of the keypad are randomly generated. More specifically,the order of input values, from left to right and top to bottom, is 8,6, 2, 9, 4, 1, 5, 0, 7, and 3. Alternatively, instead of randomlyassigning locations, the user interface can be selected from a number ofpredetermined user interfaces.

If a user taps a middle cell with value ‘4’, the mobile device canencrypt and send the location of the tap to the secure server. In someimplementations, an input location is sent after each user input. Inalternative implementations, user input locations are aggregated andsent after a user hits a ‘Go’ value.

The secure server can match the location of the tap, e.g., thex-coordinate and the y-coordinate, to locations of input values of thegenerated keypad. That is, the secure server can determine the value ofthe passcode is ‘4’ because the location of the user input is within alocation of the ‘4’ in the generated keypad. In general, the secureserver returns the passcode after all of the user input locations arereceived.

FIG. 9 is a schematic illustration of an example system 900 for securelycommunicating between a card reader 908 and a mobile device 902. Thecard reader includes cryptographic keys 904 and a unique identification(ID) 906. The cryptographic keys 904 can include a public key and aprivate key. The cryptographic keys 904 can also include a certificatesigned by a trusted authority. The unique ID 906 is an identificationthat is unique to the card reader. The unique ID can be 32 bits or 64bits in length. In some implementations, the unique ID 906 is embeddedin firmware during manufacture of the card reader 908. The card reader908 communicates with the mobile device 902, which can communicate witha secure server 914 over an external network, e.g., the Internet 912.The secure server 914 can provide a public key for secure communicationbetween the mobile device 902 and the card reader 908, as will bedescribed further below in reference to FIG. 10.

FIG. 10 is a diagram of an example method 1000 of establishing securecommunications between a card reader and a mobile device usingasymmetric encryption. The card reader sends a unique ID to the mobiledevice (step 1002). In some implementations, the card reader sends, tothe mobile device, a certificate signed by a trusted authority. Themobile device can verify the certificate's signature. Alternatively, themobile device can send the certificate to a secure server forverification.

In some implementations, the mobile device does not have a cryptographickey, e.g., a public key, corresponding to a cryptographic key on thecard reader, e.g., a corresponding private key. Therefore, the mobiledevice can obtain the appropriate cryptographic key from the secureserver.

The mobile device sends the unique ID to the secure server (step 1004),e.g., using a data connection such as 3G/4G or WiFi. The secure serverreceives the unique ID and obtains a public cryptographic key associatedwith the unique ID, e.g., from a database. The public key can expireafter a certain amount of time. In some implementations, the secureserver stops secure communication between the mobile device and cardreader by allowing the public key to expire without reissuing anothervalid public key.

The secure server sends the public key to the mobile device (step 1006).The mobile device can then cache the public key for futurecommunications with the card reader. The mobile device can encrypt datausing the public key (step 1008). For example, using the public key, themobile device can encrypt a request to the card reader to accept a cardfor a payment transaction. Alternatively, the mobile device can encrypta PIN entered by the user using the public key.

The mobile device sends encrypted data to the card reader (step 1010).To process the data, the card reader uses a private cryptographic key todecrypt the encrypted data and performs operations based on the data(step 1012). For example, the card reader can decrypt a request tocompare PIN values and perform a comparison using the decrypted data.The private key can be embedded in the card reader during manufacturing.In some implementations, the card reader only responds to requests thatare encrypted by the public key.

The card reader can encrypt a response to the mobile device using theprivate key and send encrypted data to the mobile device (step 1014).For example, the response can be an acknowledgement that the card readerhas verified a PIN match. The mobile device can decrypt the responseusing the mobile device's public key and perform operations based on thedata, e.g., submit an authorization for transaction to a paymentprocessing server. In this manner, the mobile device and card reader cancontinue to securely communicate using the mobile device's public keyand the card reader's private key (step 1016).

In some implementations, when securely communicating using eitherasymmetric or symmetric encryption, the secure server and the mobiledevice each have a separate pair of cryptographic keys, e.g., separatepairs of public and private keys. The mobile device and secure servercan add an additional layer of security by encrypting data, which can bealready encrypted using the card reader's private key, using theappropriate public key. For example, the mobile device can encrypt theunique identification of the card reader before transmission to theserver. The server can first decrypt the received data from the mobiledevice using the server's separate private key. The server can alsoencrypt data, e.g., the card reader's public key, that is sent to themobile device using the mobile device's separate public key.

In some implementations, secure communication can be established withoutthe secure server. Instead of sending the unique ID to the mobiledevice, the card reader sends a cryptographic key, e.g., the cardreader's public key, to the mobile device. Generally, public keys are2048 bits long, the size of which is significantly larger than the sizeof a unique ID. Therefore, the time and battery requirements for thecard reader to send the public key to the mobile device are higher thanthe card reader's sending of the unique ID. However, once the mobiledevice receives the public key in its entirety, the mobile device cansecurely communicate with the card reader as described above.

FIG. 11 is a diagram of an example method 1100 of establishing securecommunications between a card reader and a mobile device using symmetricencryption. The card reader encrypts a unique identification of the cardreader using a cryptographic key, e.g., a shared key (step 1101).Similar to the method describe above using asymmetric encryption, thecard reader sends the encrypted unique ID to the mobile device (step1102). The unique ID can be 32 bits or 64 bits in length. In someimplementations, the card reader sends, to the mobile device, acertificate signed by a trusted authority. The mobile device can verifythe certificate's signature. Alternatively, the mobile device can sendthe certificate to a secure server for verification.

The mobile device generates data to be sent to the card reader (step1103). For example, the data can be a passcode, e.g., a PINcorresponding to a credit card. For example, without the shared key, themobile device cannot encrypt data to be sent to the card reader. In someimplementations, the mobile device uses a separate pair of cryptographickeys, as described above, to securely communicate with a server. Themobile device can generate encrypted data using the mobile device'spublic key (step 1104). The encrypted data can include an encryptedversion of the unique identification and an encrypted version of arequest for the card reader to process, e.g., a request to process aPIN.

The mobile device sends encrypted data to the secure server 1104, e.g.,using a data connection such as 3G/4G or WiFi. In some implementations,the secure server receives the encrypted data and decrypts the encrypteddata using its separate private key. The decrypted data can include anunencrypted ID and an unencrypted request. With an unencrypted ID, thesecure server can obtain a shared key associated with the unique ID,e.g., from a database. The secure server can generate a response that isencrypted with the request using the shared key (step 1106). The secureserver sends the encrypted response to the mobile device (step 1108).

In turn, the mobile device sends the encrypted response to the cardreader (step 1110). The mobile device does not receive the shared keyand therefore minimizes a security breach. To process the data, the cardreader uses the shared key, which can be embedded during manufacturing,to decrypt the encrypted response and performs operations based on thedata (step 1112). For example, the card reader can decrypt a request tocompare PIN values and perform a comparison using the decrypted data. Insome implementations, the card reader only responds to requests that areencrypted by the shared key.

The card reader can encrypt more data to send to the mobile device usingthe shared key and send the encrypted data to the mobile device (step1114). For example, the data can be an acknowledgement that the cardreader has verified a PIN match. The mobile device sends the encrypteddata to the secure server (step 1116). In some implementations, themobile device encrypts the encrypted data a second time using the secureserver's public key. Upon receipt of the encrypted data, the secureserver decrypts the data using the secure server's private key and thecard reader's shared key to obtain unencrypted data from the cardreader. The secure server then encrypts the data using the mobiledevice's public key (step 1118). The secure server sends the encrypteddata to the mobile device (step 1120), and the mobile device decryptsthe data using its separate private key and processes the data. Securecommunication can continue without the mobile device ever having thecard reader's shared key.

Embodiments of the subject matter and the operations described in thisspecification can be implemented in digital electronic circuitry, or incomputer software, firmware, or hardware, including the structuresdisclosed in this specification and their structural equivalents, or incombinations of one or more of them. Embodiments of the subject matterdescribed in this specification can be implemented as one or morecomputer programs, i.e., one or more modules of computer programinstructions, encoded on a non-transitory computer storage medium forexecution by, or to control the operation of, data processing apparatus.Alternatively or in addition, the program instructions can be encoded onan artificially-generated propagated signal, e.g., a machine-generatedelectrical, optical, or electromagnetic signal, that is generated toencode information for transmission to suitable receiver apparatus forexecution by a data processing apparatus. A computer storage medium canbe, or be included in, a computer-readable storage device, acomputer-readable storage substrate, a random or serial access memoryarray or device, or a combination of one or more of them. Moreover,while a computer storage medium is not a propagated signal, a computerstorage medium can be a source or destination of computer programinstructions encoded in an artificially-generated propagated signal. Thecomputer storage medium can also be, or be included in, one or moreseparate physical components or media (e.g., multiple CDs, disks, orother storage devices).

The operations described in this specification can be implemented asoperations performed by a data processing apparatus on data stored onone or more computer-readable storage devices or received from othersources.

The term “data processing apparatus” encompasses all kinds of apparatus,devices, and machines for processing data, including by way of example aprogrammable processor, a computer, a system on a chip, or multipleones, or combinations, of the foregoing The apparatus can includespecial purpose logic circuitry, e.g., an FPGA (field programmable gatearray) or an ASIC (application-specific integrated circuit). Theapparatus can also include, in addition to hardware, code that createsan execution environment for the computer program in question, e.g.,code that constitutes processor firmware, a protocol stack, a databasemanagement system, an operating system, a cross-platform runtimeenvironment, a virtual machine, or a combination of one or more of them.The apparatus and execution environment can realize various differentcomputing model infrastructures, such as web services, distributedcomputing and grid computing infrastructures.

A computer program (also known as a program, software, softwareapplication, script, or code) can be written in any form of programminglanguage, including compiled or interpreted languages, declarative orprocedural languages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, object, orother unit suitable for use in a computing environment. A computerprogram may, but need not, correspond to a file in a file system. Aprogram can be stored in a portion of a file that holds other programsor data (e.g., one or more scripts stored in a markup languageresource), in a single file dedicated to the program in question, or inmultiple coordinated files (e.g., files that store one or more modules,sub-programs, or portions of code). A computer program can be deployedto be executed on one computer or on multiple computers that are locatedat one site or distributed across multiple sites and interconnected by acommunication network.

The processes and logic flows described in this specification can beperformed by one or more programmable processors executing one or morecomputer programs to perform actions by operating on input data andgenerating output. The processes and logic flows can also be performedby, and apparatus can also be implemented as, special purpose logiccircuitry, e.g., an FPGA (field programmable gate array) or an ASIC(application-specific integrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only memory ora random access memory or both. The essential elements of a computer area processor for performing actions in accordance with instructions andone or more memory devices for storing instructions and data. Generally,a computer will also include, or be operatively coupled to receive datafrom or transfer data to, or both, one or more mass storage devices forstoring data, e.g., magnetic, magneto-optical disks, or optical disks.However, a computer need not have such devices. Moreover, a computer canbe embedded in another device, e.g., a mobile telephone, a personaldigital assistant (PDA), a mobile audio or video player, a game console,a Global Positioning System (GPS) receiver, or a portable storage device(e.g., a universal serial bus (USB) flash drive), to name just a few.Devices suitable for storing computer program instructions and datainclude all forms of non-volatile memory, media and memory devices,including by way of example semiconductor memory devices, e.g., EPROM,EEPROM, and flash memory devices; magnetic disks, e.g., internal harddisks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROMdisks. The processor and the memory can be supplemented by, orincorporated in, special purpose logic circuitry.

To provide for interaction with a user, embodiments of the subjectmatter described in this specification can be implemented on a computerhaving a display device, e.g., a CRT (cathode ray tube) or LCD (liquidcrystal display) monitor, for displaying information to the user and akeyboard and a pointing device, e.g., a mouse or a trackball, by whichthe user can provide input to the computer. Other kinds of devices canbe used to provide for interaction with a user as well; for example,feedback provided to the user can be any form of sensory feedback, e.g.,visual feedback, auditory feedback, or tactile feedback; and input fromthe user can be received in any form, including acoustic, speech, ortactile input. In addition, a computer can interact with a user bysending resources to and receiving resources from a device that is usedby the user; for example, by sending web pages to a web browser on auser's client device in response to requests received from the webbrowser.

Embodiments of the subject matter described in this specification can beimplemented in a computing system that includes a back-end component,e.g., as a data server, or that includes a middleware component, e.g.,an application server, or that includes a front-end component, e.g., aclient computer having a graphical user interface or a Web browserthrough which a user can interact with an implementation of the subjectmatter described in this specification, or any combination of one ormore such back-end, middleware, or front-end components.

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other. In someembodiments, a server transmits data (e.g., an HTML page) to a clientdevice (e.g., for purposes of displaying data to and receiving userinput from a user interacting with the client device). Data generated atthe client device (e.g., a result of the user interaction) can bereceived from the client device at the server.

A system of one or more computers can be configured to performparticular operations or actions by virtue of having software, firmware,hardware, or a combination of them installed on the system that inoperation causes or cause the system to perform the actions. One or morecomputer programs can be configured to perform particular operations oractions by virtue of including instructions that, when executed by dataprocessing apparatus, cause the apparatus to perform the actions.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinventions or of what may be claimed, but rather as descriptions offeatures specific to particular embodiments of particular inventions.Certain features that are described in this specification in the contextof separate embodiments can also be implemented in combination in asingle embodiment. Conversely, various features that are described inthe context of a single embodiment can also be implemented in multipleembodiments separately or in any suitable subcombination. Moreover,although features may be described above as acting in certaincombinations and even initially claimed as such, one or more featuresfrom a claimed combination can in some cases be excised from thecombination, and the claimed combination may be directed to asubcombination or variation of a subcombination.

Similarly, while operations are depicted in the drawings in a particularorder, this should not be understood as requiring that such operationsbe performed in the particular order shown or in sequential order, orthat all illustrated operations be performed, to achieve desirableresults. In certain circumstances, multitasking and parallel processingmay be advantageous. Moreover, the separation of various systemcomponents in the embodiments described above should not be understoodas requiring such separation in all embodiments, and it should beunderstood that the described program components and systems cangenerally be integrated together in a single software product orpackaged into multiple software products.

In some cases, the actions recited in the claims can be performed in adifferent order and still achieve desirable results. In addition, theprocesses depicted in the accompanying figures do not necessarilyrequire the particular order shown, or sequential order, to achievedesirable results. In certain implementations, multitasking and parallelprocessing may be advantageous.

Thus, particular embodiments of the subject matter have been described.Other embodiments are within the scope of the following claims. Forexample, usage of wireless payment system may not be limited to a taxienvironment but could also be applied to other environments, such as arestaurant. Moreover, usage of the techniques to establish securecommunication may not be limited to mobile devices, but could also beapplied to non-mobile or wired devices connected to a network. Althoughthe swiping of a card through a reader is described above, othertechniques for scanning a card, e.g., chip reading or near fieldcommunication, could be used to read data from the card.

What is claimed is:
 1. A method of securely communicating between a cardreader and a mobile device, the method comprising: receiving, by themobile device that is associated with a merchant and from the cardreader, an identification code that identifies the card reader, whereinthe card reader is configured to read card information of a payment cardused for payment of a transaction between the merchant associated withthe mobile device and a cardholder associated with the payment card;sending, by the mobile device, the identification code to a server;receiving, by the server, the identification code; obtaining, by theserver, a cryptographic key associated with the identification code;sending, by the server, the cryptographic key associated with theidentification code to the mobile device; receiving, by the mobiledevice and from the server, the cryptographic key that is associatedwith the identification code; storing, by the mobile device, thecryptographic key on the mobile device for use by the mobile device forencrypting communications of the mobile device with the card reader;encrypting, by the mobile device, a first data including a passcodeassociated with the payment card entered by the cardholder on aninterface of the mobile device using the stored cryptographic keyreceived from the server; sending, by the mobile device, the encryptedfirst data to the card reader to prompt the card reader to perform afirst operation based on the first data, the first operation includingverifying whether the passcode of the decrypted data matches a secondpasscode embedded in the payment card; receiving, by the mobile device,encrypted second data from the card reader; decrypting, by the mobiledevice, the encrypted second data using the stored cryptographic keyreceived from the server; processing, by the mobile device, theunencrypted second data; and performing, by the mobile device, a secondoperation based on the unencrypted second data that includes sending apayment transaction, including a payment amount of the transaction, to apayment processing system.
 2. The method of claim 1, where theidentification code is thirty two bits or sixty four bits in length. 3.The method of claim 1, where prior to receiving the identification code,the card reader acquires information from the payment card.
 4. Themethod of claim 3, where the stored cryptographic key received by themobile device from the server expires after a predetermined amount oftime.
 5. The method of claim 1, where the second encrypted dataindicates an acknowledgment that the passcode has been verified by thecard reader.
 6. The method of claim 1, where prior to the encrypting,further comprising: receiving, by the mobile device, a certificate fromthe card reader; sending, by the mobile device, the certificate to theserver to prompt verification of a signature of the certificate by theserver; and receiving, by the mobile device, a verification of thecertificate from the server.
 7. The method of claim 1, where prior tosending the identification code to the server, encrypting, by the mobiledevice, the identification code using a public key acquired from theserver; and where decrypting the encrypted data using the storedcryptographic key comprises decrypting, by the mobile device, theencrypted second data using a private key associated with the mobiledevice.
 8. The method of claim 1, where the identification code and theencrypted second data are received from the card reader via an audiojack of the mobile device, and where the first data is sent by themobile device to the card reader via the audio jack.
 9. The method ofclaim 1, where the identification code and the encrypted second data arereceived wirelessly from the card reader, and where the first data issent wirelessly by the mobile device to the card reader.
 10. A method ofsecurely communicating between a card reader and a mobile device, themethod comprising: sending, by the card reader, an identification codethat identifies the card reader to the mobile device, wherein the cardreader is configured to read card information of a payment card used forpayment of a transaction between a merchant associated with the mobiledevice and a cardholder associated with the payment card; receiving, bythe card reader, encrypted data from the mobile device including a firstpasscode associated with the payment card, the encrypted data beingencrypted by the mobile device using a first cryptographic key that isassociated with the identification code and that has been received bythe mobile device from a server based on the identification code;decrypting, by the card reader, the encrypted data using a secondcryptographic key embedded in the card reader, to produce decrypteddata; performing, by the card reader, a first operation based on thedecrypted data including verifying whether the passcode of the decrypteddata matches a second passcode embedded in the payment card; encrypting,by the card reader, a response using the second cryptographic key, theresponse including information indicating whether the first passcodematches the second passcode; and sending, by the card reader, theencrypted response to the mobile device to prompt the mobile device toperform a second operation based on the response that includes sending apayment transaction, including a payment amount of the transaction, to apayment processing system.
 11. The method of claim 10, where theidentification code is 32 bits or 64 bits in length.
 12. The method ofclaim 10, where prior to sending the identification code, the cardreader acquires information from the payment card.
 13. The method ofclaim 12, where the first cryptographic key received by the mobiledevice from the server expires after a predetermined amount of time. 14.The method of claim 10, further comprising: sending, by the card reader,a certificate to the mobile device.
 15. The method of claim 10, wherethe second cryptographic key is embedded in the card reader duringmanufacturing of the card reader.
 16. The method of claim 10, where theidentification code and the response are sent by the card reader to themobile device via an audio jack of the mobile device, and where theencrypted data is received by the card reader via the audio jack. 17.The method of claim 10, where the identification code and the responseare sent wirelessly by the card reader, and where the encrypted data isreceived wirelessly by the card reader.
 18. A method of securelycommunicating between a card reader and a mobile device, the methodcomprising: receiving, by the mobile device, from the card reader, anidentification code that identifies the card reader, wherein the cardreader is configured to read card information of a payment card used forpayment of a transaction between a merchant associated with the mobiledevice and a cardholder associated with the payment card; generating, bythe mobile device, first data including the identification code receivedfrom the card reader, wherein the first data is encrypted using a firstcryptographic key that is retrieved from a server; sending, by themobile device, the encrypted first data to the server, where the serverconducts operations that further comprise: decrypting the encryptedfirst data using a second cryptographic key that is associated with thefirst cryptographic key; obtaining a third cryptographic key based onthe identification code from a database that maps identification codesto cryptographic keys, wherein the third cryptographic key is linked tothe identification code of the card reader; encrypting the thirdcryptographic key using the second cryptographic key; and sending theencrypted third cryptographic key to the mobile device; receiving, bythe mobile device, the encrypted the third cryptographic key from theserver; decrypting, by the mobile device, the encrypted thirdcryptographic key using the first cryptographic key; storing, by themobile device, the third cryptographic key on the mobile device;encrypting, by the mobile device, using the stored third cryptographickey, second data including a passcode entered by the cardholder on aninterface of the mobile device; sending, by the mobile device, theencrypted second data to the card reader to prompt the card reader toperform an operation; receiving an encrypted verification result, by themobile device, from the card reader; and decrypting, by mobile device,using the stored third cryptographic key, the encrypted verificationresult to obtain a decrypted verification result indicating whether thepasscode entered by the cardholder on the interface of the mobile deviceis valid.
 19. The method of claim 18, where the identification code isthirty two bits or sixty four bits in length.
 20. The method of claim18, where prior to the mobile device receiving the identification code,the card reader acquires information from the payment card.
 21. Themethod of claim 18, where the encrypted verification result received bythe mobile device from the card reader is encrypted by the card readerusing an embedded encryption key corresponding to the stored thirdencryption key, and the decrypted verification result includes anacknowledgment that the entered passcode matches a passcode embedded onthe payment card.
 22. The method of claim 18, where prior to sending theencrypted first data to the server, the method further comprising:receiving, by the mobile device, a certificate from the card reader;sending, by the mobile device, the certificate to the server, where theserver verifies a signature of the certificate; and receiving, by themobile device, a verification of the certificate from the server. 23.The method of claim 18, further comprising: submitting, by the mobiledevice, a payment transaction to a payment processing system based onthe decrypted verification result.
 24. The method of claim 18, where theidentification code is received from the card reader via an audio jackof the mobile device, and where the encrypted second data is sent by themobile device to the card reader via the audio jack.
 25. The method ofclaim 18, where the identification code is received wirelessly from thecard reader, and where the encrypted second data is sent wirelessly bythe mobile device to the card reader.
 26. A method of securelycommunicating between a card reader and a mobile device, the methodcomprising: sending, by the card reader, an identification code thatidentifies the card reader to the mobile device and that is embeddedwithin firmware in the card reader during manufacturing of the cardreader, wherein the card reader is configured to read card informationof a payment card used for payment of a transaction between a merchantassociated with the mobile device and a cardholder associated with thepayment card; receiving, by the card reader, encrypted data from themobile device, the encrypted data being encrypted by the mobile deviceusing a first cryptographic key that is associated with theidentification code of the card reader, wherein the first cryptographickey is received from a server by the mobile device based on theidentification code of the card reader and stored on the mobile device;decrypting, by the card reader, the encrypted data using a secondcryptographic key associated with the first cryptographic key and thatis embedded in the card reader to produce decrypted data; performing, bythe card reader, a first operation based on the decrypted data;encrypting, by the card reader, a response using the secondcryptographic key; and sending, by the card reader, the response to themobile device to prompt the mobile device to perform a second operation.27. The method of claim 26, where the identification code is 32 bits or64 bits in length.
 28. The method of claim 26, where prior to sendingthe identification code, the card reader acquires information from thepayment card.
 29. The method of claim 26, where the encrypted dataincludes a passcode associated with the payment card that is enteredusing an interface of the mobile device.
 30. The method of claim 29,where the response is an acknowledgment that the passcode has beenverified by the card reader as matching an embedded passcode within thepayment card.
 31. The method of claim 26, where the identification codeand the response are sent by the card reader to the mobile device via anaudio jack of the mobile device, and where the encrypted data isreceived by the card reader via the audio jack.
 32. The method of claim26, where the identification code and the response are sent wirelessly,and where the encrypted data is received wirelessly.
 33. A method ofsecurely communicating between a card reader and a mobile device, themethod comprising: sending, by the mobile device, an identification codethat identifies the card reader to a server, wherein the card reader isconfigured to read card information of a payment card used for paymentof a transaction between a merchant associated with the mobile deviceand a cardholder associated with the payment card; receiving, by themobile device, from the server, a cryptographic key that is associatedwith the identification code of the card reader; storing, by the mobiledevice, the cryptographic key on the mobile device for encryptingcommunications with the card reader; encrypting, by the mobile device,using the stored cryptographic key, first data acquired by the mobiledevice; sending, by the mobile device, the encrypted first data to thecard reader to prompt the card reader to perform a first operation basedon the encrypted first data; receiving, by the mobile device, encryptedsecond data from the card reader; decrypting, by the mobile device, theencrypted second data using the stored cryptographic key received fromthe server to produce decrypted second data; determining a verificationresult, by the mobile device, based on the decrypted second dataindicating whether a passcode entered by the cardholder on an interfaceof the mobile device is valid; and sending, by the mobile device, basedon the verification result, a payment transaction, including a paymentamount of the transaction, to a payment processing system.
 34. Themethod of claim 33, where prior to the mobile device receiving thecryptographic key, the card reader acquires information from the paymentcard.
 35. The method of claim 34, further comprising: encrypting, by themobile device, as the first encrypted data, the passcode entered by thecardholder on the interface of the mobile device using the storedcryptographic key; and sending, by the mobile device, as the firstencrypted data, the encrypted passcode to the card reader to prompt thecard reader to verify whether the passcode matches a passcode embeddedon the payment card.
 36. The method of claim 35, where the verificationresult determined by the mobile device is received from the card readeras the encrypted second data, and includes an acknowledgment that thepasscode has been verified by the card reader.
 37. The method of claim33, where prior to the encrypting the first data, the method furthercomprising: receiving, by the mobile device, a certificate from the cardreader; sending, by the mobile device, the certificate to the server toprompt verification of a signature of the certificate; and receiving, bythe mobile device, a verification of the certificate from the server.38. The method of claim 33, where the encrypted second data is receivedfrom the card reader via an audio jack of the mobile device, and wherethe encrypted first data is sent by the mobile device to the card readervia the audio jack.
 39. The method of claim 33, where the cryptographickey and the encrypted second data are received wirelessly, and where theencrypted first data is sent wirelessly.
 40. A method of securelycommunicating between a card reader and a mobile device, the methodcomprising: receiving, by the card reader, at a card interface, a readof a payment card, wherein the card reader is configured to read cardinformation of the payment card used for payment of a transactionbetween a merchant associated with the mobile device and a cardholderassociated with the payment card; responsive to receiving the read ofthe card, sending, by the card reader, a card reader identification codeto the mobile device, the identification code enabling the mobile deviceto receive, from a server, and store a first cryptographic key being apublic key that is associated with the card reader; receiving, by thecard reader, encrypted data from the mobile device that has beenencrypted by the mobile device using the stored first cryptographic key;decrypting, by the card reader, the encrypted data using a secondcryptographic key associated with the first cryptographic key to producedecrypted data; performing, by the card reader, a first operation basedon the decrypted data; encrypting, by the card reader, a response usingthe second cryptographic key; and sending, by the card reader, theresponse to the mobile device to prompt the mobile device to perform asecond operation based on the response that includes sending a paymenttransaction, including a payment amount of the transaction, to a paymentprocessing system.
 41. The method of claim 40, where the encrypted dataincludes a passcode associated with the card.
 42. The method of claim41, where the response is an acknowledgment that the passcode has beenverified by the card reader.
 43. The method of claim 40, where theidentification code and the response are sent by the card reader to themobile device via an audio jack of the mobile device, and where theencrypted data is received by the card reader via the audio jack. 44.The method of claim 40, where the identification code and the responseare sent wirelessly by the card reader, and where the encrypted data isreceived wirelessly.
 45. A method of processing payment transactionsbetween a card, a card reader and a mobile device, the methodcomprising: receiving, by the card reader at a card interface, aninsertion of a payment card, of a card holder, used for payment of atransaction between a merchant associated with the mobile device and thecardholder; sending, by the card reader, a notification of the insertionto the mobile device; receiving, by the card reader, batched informationassociated with the payment card from the mobile device, where thebatched information includes transaction details and a passcode for thecard, where the batched information is encrypted by the mobile deviceusing a first cryptographic key associated with the card reader, whereinthe mobile device receives and stores the first cryptographic key from aserver based on an identification code of the card reader, and whereinthe mobile device receives the passcode based on user input on a displayof the mobile device; decrypting, by the card reader, the batchedinformation using a second cryptographic key embedded within the cardreader; storing, by the card reader, the batched information within amemory, wherein the batched information includes the transaction detailsincluding at least one of an amount of the transaction or an identity ofa payee; sending, by the card reader, the passcode to the payment card,where the payment card determines whether the passcode matches anembedded passcode in the payment card; and in response to the carddetermining the passcode matches the embedded passcode in the card,processing, by the card reader, the transaction details; and sending, bythe card reader, an approval for a transaction to the mobile device. 46.The method of claim 45, where the notification and the approval are sentby the card reader to the mobile device via an audio jack of the mobiledevice, and where the passcode is received by the card reader via theaudio jack.
 47. The method of claim 45, where the notification and theapproval are sent wirelessly by the card reader, and where the passcodeis received wirelessly.
 48. The method of claim 45, where the passcodeis encrypted by the mobile device using the stored first cryptographickey, and where the method comprises, prior to sending the passcode tothe payment card, decrypting the encrypted passcode using the secondcryptographic key.
 49. The method of claim 45, where the approval isencrypted, by the card reader using the second cryptographic key.